NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator's Guide

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series

371

372

373

374

375

376

377

378

379

380

Security Considerations

NonStop Servlets for JavaServer Pages (NSJSP) 6.1 System Administrator’s Guide—596210-006

8-30

Web Resource Collection

The security constraint, which is represented by the security-constraint element

in a deployment descriptor, consists of the following elements that are used to secure a

resource:



web-resource-collection



auth-constraint



user-data-constraint

While the web-resource-collection is a required element, auth-constraint

and user-data-constraint elements are optional elements.

The following sections discuss the different elements in the security-constraint

element:



Web Resource Collection



Authorization Constraint



User Data Constraint

Web Resource Collection

HTTP operations and web resources to which a security constraint applies (that is, the

constrained requests) are identified by one or more web resource collections. A web

resource collection (identified by the web-resource-collection element) consists

of the following elements:



URL patterns - Specified by the url-pattern element in the web.xml file.



HTTP methods - Specified by the http-method element in the web.xml file.

The following is a sample web-resource-collection from a web.xml file:

<security-constraint>

<web-resource-collection>

<web-resource-name>Domain Manager User URLs

</web-resource-name>

<url-pattern>*.htm</url-pattern>

<url-pattern>*.html</url-pattern>

<url-pattern>*.jsp</url-pattern>

<url-pattern>*.xml</url-pattern>

<url-pattern>*.help</url-pattern>

<http-method>POST</http-method>

<http-method>GET</http-method>

</web-resource-collection>